[FFmpeg-cvslog] avcodec/vc1dec: Check source picture availability in vc1_mc_4mv_chroma4()
Michael Niedermayer
git at videolan.org
Sat Jun 15 13:17:21 CEST 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Jun 15 13:10:43 2013 +0200| [6c4516d0413ea9b2a9b48fb83d0ba0ef7bc84f92] | committer: Michael Niedermayer
avcodec/vc1dec: Check source picture availability in vc1_mc_4mv_chroma4()
Fixes null pointer dereference
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6c4516d0413ea9b2a9b48fb83d0ba0ef7bc84f92
---
libavcodec/vc1dec.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 912b970..b796b3d 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -1001,16 +1001,20 @@ static void vc1_mc_4mv_chroma4(VC1Context *v, int dir, int dir2, int avg)
uvsrc_x = av_clip(uvsrc_x, -8, s->avctx->coded_width >> 1);
uvsrc_y = av_clip(uvsrc_y, -8, s->avctx->coded_height >> 1);
if (i < 2 ? dir : dir2) {
- srcU = s->next_picture.f.data[1] + uvsrc_y * s->uvlinesize + uvsrc_x;
- srcV = s->next_picture.f.data[2] + uvsrc_y * s->uvlinesize + uvsrc_x;
+ srcU = s->next_picture.f.data[1];
+ srcV = s->next_picture.f.data[2];
lutuv = v->next_lutuv;
use_ic = v->next_use_ic;
} else {
- srcU = s->last_picture.f.data[1] + uvsrc_y * s->uvlinesize + uvsrc_x;
- srcV = s->last_picture.f.data[2] + uvsrc_y * s->uvlinesize + uvsrc_x;
+ srcU = s->last_picture.f.data[1];
+ srcV = s->last_picture.f.data[2];
lutuv = v->last_lutuv;
use_ic = v->last_use_ic;
}
+ if (!srcU)
+ return;
+ srcU += uvsrc_y * s->uvlinesize + uvsrc_x;
+ srcV += uvsrc_y * s->uvlinesize + uvsrc_x;
uvmx_field[i] = (uvmx_field[i] & 3) << 1;
uvmy_field[i] = (uvmy_field[i] & 3) << 1;
More information about the ffmpeg-cvslog
mailing list